How to interpret the response from OpenSSL?

Posted 2019-09-01 11:44

Question:

So in the AWS IoT tutorial I get this:

pi@raspberrypi:~/certs $ openssl s_client -connect iot.us-west-2.amazonaws.com:443 -CAfile root-CA.pem -cert certificate.pem.crt  -key private.pem.key
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = US, ST = Washington, L = Seattle, O = "Amazon.com, Inc.", CN = iot.us-west-2.amazonaws.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=iot.us-west-2.amazonaws.com
   i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
---
Server certificate
STUFFHERE
-----END CERTIFICATE-----
subject=/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=iot.us-west-2.amazonaws.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
---
No client certificate CA names sent
---
SSL handshake has read 3264 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: FC6ABAE41818994E5D7B6AE83DCE0F717396D7F5314CFB096CD967489A136CCA
    Session-ID-ctx: 
    Master-Key: STUFFHERE
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 10800 (seconds)
    TLS session ticket:
    0000 - d5 b9 92 64 2c 92 37 2c-79 c2 68 04 28 ef f4 d7   ...d,.7,y.h.(...
    0010 - e1 31 dc 7e 80 51 a8 ef-da ab 0f 60 7e 5b 1d 52   .1.~.Q.....`~[.R
    0020 - b1 03 06 52 ac 8b 32 12-54 1f 86 72 f4 a7 2b f3   ...R..2.T..r..+.
    0030 - ba 3b f8 91 a6 fc ce 53-d2 0c d9 96 75 a2 4c f1   .;.....S....u.L.
    0040 - 31 bd f4 84 f2 c6 b8 51-06 8c 36 22 12 b3 82 99   1......Q..6"....
    0050 - b6 13 b9 f8 fa 54 e4 0d-eb 01 b6 c4 82 b2 1b 88   .....T..........
    0060 - c6 af 3b 54 58 83 77 4b-69 b2 b1 8c cb 0a 7c 81   ..;TX.wKi.....|.
    0070 - 70 a9 d5 d2 fd f8 3b 21-e3 8e b2 e6 c4 83 f9 af   p.....;!........
    0080 - bc 3f 8e fa 33 ae 28 7b-be e6 8d 6b aa 96 4e 56   .?..3.({...k..NV
    0090 - 12 6f b3 9d bc b5 53 fa-23 3c 79 5b 41 a1 ae 5a   .o....S.#<y[A..Z

    Start Time: 1457306705
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
closed

I have the following in the ~/certs folder:

pi@raspberrypi:~/certs $ ls
certificate.pem.crt  private.pem.key  public.pem.key  root-CA.pem